SLE Base Container Images 15 SP5

The SLE BCI team is delighted to share that in conjunction with the launch of SUSE Linux Enterprise Server 15 SP5, the Language and Application containers of SUSE Linux Enterprise Base Container Images (SLE BCI) have been upgraded to take advantage of the enhanced features offered the new product version. This endeavor spanned multiple weeks and has been successfully accomplished today,  thanks to automated building, testing and release pipelines.

What is SLE BCI?

SLE BCIs are popular, trusted, secure and minimal SUSE Linux Enterprise Server 15-based images that you can use to develop, deploy, and freely share (redistribute) your applications. If you are using Rancher or Rancher Prime, you are already relying on them. SLE BCI containers are provided as:

• General-purpose SLE BCI which can be used for building custom container images and for deploying applications.

Release Highlights

During recent weeks, the SLE BCI team has successfully provided the following enhancements:

New Additions

• A Python 3.11 Language development environment container that will be regularly maintained by SUSE, ensuring that users benefit from a stable development and runtime environment that is always free from vulnerabilities. Updates are delivered through the trusted SUSE Linux Enterprise Server 15 product until 31 December 2027.
• A PostgreSQL 15 Application container image has been added and older PostgreSQL version container images improved with interoperability fixes. The PostgreSQL 15 container is going to include security vulnerability fixes for the remaining support lifecycle of SLES 15 SP5.
• A maintained Node.js 18 Language development environment container image has been added.
• PHP 8 containers are provided as a technology preview.

Improvements to existing containers

• The fast-rolling languages like Go and Rust are now also providing a :stable (always referring to the newest released stable patchlevel version) and :oldstable tag (always referring to the older, :stable-1 version of the respective language environment).  If you want to roll with these releases, you can change your CI build pipelines to derive from those tags. If you prefer to lock to a specific version in your CI/CD pipelines, we provide timeline in a com.suse.supportlevel.until label (in RFC3339 date format) until when you can expect to continue receiving updates and after which you should switch to a newer release.
• Upcoming the SLE BCI team is preparing a rollover to use a longer 4096 bit RSA signing key for Cosign / Sigstore.dev container signing key for integrity verification.  This  new signing key will be

  pub   rsa4096/0x100CEB438FD6C337 2023-01-19 [SC] [expires: 2027-01-18]
  
  Key fingerprint = 2BFA 4649 1A1C FFA8 31EF  C4B6 100C EB43 8FD6 C337
  uid                             SUSE Linux Container Signing Key <build-container@suse.de>

  Already today SUSE provides all containers protected with the SUSE Signing keys and we offer documentation on how to harden the supply chain integrity by configuring for automatic verification of containers. This ensures you are protected from any potential tampering in transit. Further guides on how to use SLE BCI can be found in the continuously updated SLE BCI documentation.

• While not directly apparent, significant effort has been invested into enhancing the stability of our release pipelines, reducing round-trip times and further completing the test coverage. This ensures that you consistently receive the latest updates while maintaining optimal stability. Rest assured that all updates are derived from the certified, supply-chain-secure, adaptable and easy-to-manage Linux server platform.

Other Highlights

Last but not least we extend our gratitude to our dedicated colleagues from the SUSE Customer Center team, who have already made enhancements to the listings of the SUSE maintained container images. Furthermore they will continue to enhance the  SUSE Registry frontend  with usability improvements and continuous feature updates over the next couple of weeks as well.